Blog, Information Security and Manufacturing - Information Management Today

How your staff make security decisions: The psychology of information security

IT Governance

JANUARY 20, 2021

Perhaps there’s a new face in the office that they don’t recognise, or a new password they need to remember, or a database of sensitive information that they need to upload onto the Cloud. For example, he found that employees usually don’t have a solid understanding of information security or their obligations to protect information.

Information Security

Information Security Security Passwords Encryption

US agricultural machinery manufacturer AGCO suffered a ransomware attack

Security Affairs

MAY 8, 2022

The American agricultural machinery manufacturer AGCO announced that has suffered a ransomware attack that impacted its production facilities. AGCO, one of the most important agricultural machinery manufacturers, announced that a ransomware attack impacted some of its production facilities. To nominate, please visit:?

Agriculture

Agriculture Manufacturing Ransomware Cybersecurity

A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of IT systems

Security Affairs

APRIL 6, 2022

Nordex Group, one of the largest manufacturers of wind turbines, was hit by a cyberattack that forced the company to shut down part of its infrastructure. Nordex Group, one of the world’s largest manufacturers of wind turbines, was the victim of a cyberattack that forced the company to take down multiple systems. Pierluigi Paganini.

Manufacturing

Manufacturing IT Ransomware Cybersecurity

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Security Affairs

JANUARY 26, 2023

The company is a globally recognised industrial explosives manufacturer, it provides complete blasting solutions, including packaged, bulk explosives and initiating systems to meet its customer needs across the globe. .” The BlackCat Ransomware gang added SOLAR INDUSTRIES INDIA to the list of victims published on its Tor leak site.

Military

Military Manufacturing Ransomware Mining

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware

Ransomware Security Manufacturing Cybersecurity

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

The Brazilian retail arm of car manufacturing giant Volvo leaked sensitive files, putting its clientele in the vast South American country in peril. Other research by Cybernews has revealed that BMW , a German luxury vehicle manufacturer producing around 2.5 The issue causing the leak has been fixed.

Retail

Retail Manufacturing Communications Passwords

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Security Affairs

APRIL 5, 2023

A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs.

Manufacturing

Manufacturing Cybersecurity Education Authentication

Lacroix Group shut down three facilities after a ‘targeted cyberattack’

Security Affairs

MAY 16, 2023

French electronics manufacturer Lacroix Group shut down three plants after a cyber attack, experts believe it was the victim of a ransomware attack. The French electronics manufacturer Lacroix Group shut down three facilities in France, Germany, and Tunisia in response to a cyber attack.

Manufacturing

Manufacturing Ransomware Sales Encryption

Money Message ransomware group claims to have hacked IT giant MSI

Security Affairs

APRIL 6, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. Ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). MSI is headquartered in Taipei, Taiwan.

Ransomware

Ransomware IT Manufacturing Education

LockBit ransomware attack impacted production in a Mexican Foxconn plant

Security Affairs

JUNE 2, 2022

LockBit ransomware gang claimed responsibility for an attack against the electronics manufacturing giant Foxconn that impacted production in Mexico. The electronics manufacturing giant Foxconn confirmed that its production plant in Tijuana (Mexico) has been impacted by a ransomware attack in late May. Pierluigi Paganini.

Ransomware

Ransomware Manufacturing Cybersecurity Security

Conti Ransomware Gang claims responsibility for the Nordex hack

Security Affairs

APRIL 15, 2022

The Conti ransomware gang has claimed responsibility for the recent attack against Nordex, one of the largest manufacturers of wind turbines. The Conti ransomware gang claimed responsibility for the cyberattack that hit the manufacturer of wind turbines Nordex on March 31, 2022. To nominate, please visit:? Pierluigi Paganini.

Ransomware

Ransomware Manufacturing Cybersecurity Security

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

“ Curious Gorge, a group TAG attributes to China’s PLA SSF, has remained active against government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia. ” wrote Google TAG Security Engineer Billy Leonard. ” wrote Google TAG Security Engineer Billy Leonard.

Manufacturing

Manufacturing Phishing Passwords Military

Wind Turbine giant Deutsche Windtechnik hit by a professional Cyberattack

Security Affairs

APRIL 27, 2022

At the end of March, the Conti ransomware gang hit the manufacturer of wind turbines Nordex, while in early March, wind turbine manufacturer Enercon GmbH lost remote connection to roughly 5,800 turbines due to an attack on Viasat’s satellite network. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook.

Manufacturing

Manufacturing Ransomware Cybersecurity Security

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. After looking at 28 of the most popular manufacturers, our research team found 3.5 The reign of a Chinese brand.

Passwords

Passwords Manufacturing Authentication Government

NIST published updated guidance for supply chain risks

Security Affairs

MAY 8, 2022

A devices may have been designed in one country and its components could be manufactured across multiple countries worldwide. A security incident suffered by one of the companies producing these components could have a significant impact on the overall product and service. To nominate, please visit:? Pierluigi Paganini.

Risk

Risk Manufacturing Cybersecurity Retail

Siemens Metaverse exposes sensitive corporate data

Security Affairs

APRIL 15, 2023

Having access, they could exfiltrate a treasure trove of sensitive data, given that Siemens manufactures and maintains a lot of technologies and machines used by critical infrastructure.” “We sincerely hope that threat actors didn’t discover the leak before Siemens managed to fix it,” said Cybernews researchers.

IoT

IoT Manufacturing Authentication Ransomware

ESET warns of three flaws that affect over 100 Lenovo notebook models

Security Affairs

APRIL 19, 2022

CVE-2021-3971: A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. To nominate, please visit:?

Manufacturing

Manufacturing Cybersecurity Security IT

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

manufacturers on behalf of Russian end-users, including defense contractors and other Russian government agencies. electronics manufacturers and distributors between approximately October 2012 and January 2022. hacking tools and electronics appeared first on Security Affairs. ” reads a press release published by DoJ.

Computer and Electronics

Computer and Electronics Military Manufacturing Government

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

This blog will briefly overview the most essential developments shaping the legislative and compliance environment. When enforced, the regulation will mandate manufacturers to prioritize security from the design stage and throughout the product's entire lifecycle.

Compliance

Compliance Cybersecurity Risk Manufacturing

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

Security Affairs

AUGUST 8, 2023

designs, manufactures, sells, and services medical devices and software products for treating cancer and other medical conditions worldwide. “ALL DATABASES AND PATIENT DATA WAS EXFILTRATED AND PREPARED TO BE PUBLISHED ON THE BLOG” states the Lockbit gang on its TOR leak site. Varian Medical Systems, Inc.

Ransomware

Ransomware IoT Manufacturing Privacy

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Security Affairs

DECEMBER 15, 2023

Kraft Heinz is an American food company, it is one of the largest food and beverage manufacturers globally. The Snatch ransomware group announced it had hacked the food giant Kraft Heinz, the company is investigating the claims. In October 2022, the Snatch ransomware group claimed to have hacked the French company HENSOLDT France.

Ransomware

Ransomware Computer and Electronics Military Agriculture

Anonymous and the IT ARMY of Ukraine continue to target Russian entities

Security Affairs

APRIL 8, 2022

The list of recently compromised businesses includes: Forest – The hacktivists leaked 37,500 emails stolen from the company which is a Russian logging and wood manufacturing firm. a Russian logging and wood manufacturing firm and associated companies. Aerogas’ clients include Rosneft, NOVATEK, Volgagaz, Purneft, and others.

IT

IT Manufacturing Access Cybersecurity

Hyundai suffered a data breach that impacted customers in France and Italy

Security Affairs

APRIL 12, 2023

In December 2019, German media reported that hackers suspected to be members of the Vietnam-linked APT Ocean Lotus ( APT32 ) group breached the networks of the car manufacturers BMW and Hyundai. The intrusion aimed at stealing automotive trade secrets.

Data breaches

Data breaches Manufacturing Cybersecurity Education

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

Smarter security is the rising tide that lifts all ships. As all parts of an organization overlap with security, an increase in one allows benefits in others. About the essayist: Chris Reffkin is chief information security officer at cybersecurity software and services provider Fortra.

Risk

Risk Cybersecurity Manufacturing Security

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Security Affairs

JUNE 6, 2022

Since February, the attacks targeted organizations in critical manufacturing, IT, and Israel’s defense industry. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Phishing

Phishing Manufacturing Education Cybersecurity

Hackers can hack organizations using data found on their discarded enterprise network equipment

Security Affairs

APRIL 24, 2023

This allowed ESET researchers to identify devices previously used in a data center/ cloud computing business (specifically, a router provisioning a university’s virtualized assets), a nationwide US law firm, manufacturing and tech companies, a creative firm, and a major Silicon Valleybased software developer, among others.”

Authentication

Authentication Marketing Cloud Manufacturing

China-linked Winnti APT steals intellectual property from companies worldwide

Security Affairs

MAY 4, 2022

The campaign flew under the radar since at least 2019, it was attributed by the experts to the China-linked Winnti group and targeted technology and manufacturing companies primarily located in East Asia, Western Europe, and North America. ” reads the report published by Cybereason. To nominate, please visit:? Pierluigi Paganini.

Manufacturing

Manufacturing Archiving Cybersecurity Access

BlackCat claims the hack of the Casepoint legal technology platform used by US agencies

Security Affairs

JUNE 1, 2023

We encourage you to get in touch or we’ll start posting your data on our blog soon. “We encourage you to get in touch or we’ll start posting your data on our blog soon. . “We have over 2TB of very sensitive data, lawyers, SEC, DoD, FBI, Police and more. We mailed you the login link.”

Ransomware

Ransomware Manufacturing Cybersecurity IT

3CX Supply chain attack allowed targeting cryptocurrency companies

Security Affairs

APRIL 4, 2023

The software is used by organizations in almost every industry, including automotive, food & beverage, hospitality, Managed Information Technology Service Provider (MSP), and manufacturing. Researchers from Kaspersky discovered that the supply chain attack was used to deliver a backdoor tracked by the Russian firm as Gopuram.

Manufacturing

Manufacturing Cybersecurity Education Security

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. reads the alert.

Ransomware

Ransomware IT Encryption Education

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited by attackers to remotely unlock doors. The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. ” reads the post published by Trellix.

Access

Access Authentication Manufacturing Cybersecurity

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

Last year, with a total share of 18% of all cyberattacks, it was the second most targeted industry, following manufacturing. ICICI Bank’s response Threat to financial accounts Finance and insurance are one of the most targeted industries by cybercriminals.

Personal data

Personal data Phishing Risk Financial Services

A component in Huawei network appliances could be used to take down Germany’s telecoms networks

Security Affairs

APRIL 26, 2023

. “We have not been informed about a risk related to an energy management component by any authority,” Patrick Berger, Huawei’s head of media affairs told POLITICO. ” The German interior ministry is making a census of components manufactured by Chinese suppliers that are used by national network operators.

Government

Government Communications Risk Cybersecurity

Security Affairs newsletter Round 365 by Pierluigi Paganini

Security Affairs

MAY 15, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Security

Security Agriculture Ransomware Manufacturing

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Communications

Communications Manufacturing Access Archiving

Health Sector Council Released Cybersecurity Recommendations for Medical Devices and Health IT

Data Matters

FEBRUARY 14, 2019

On January 28, 2019, the Healthcare and Public Health Sector Coordinating Council released the “ Medical Device and Health IT Joint Security Plan ” (“JSP” or “Plan”)—cybersecurity recommendations for medical device manufacturers, healthcare information technology vendors, and healthcare providers.

Cybersecurity

Cybersecurity IT Manufacturing Risk

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

In fact, in 2020–2022, the financial sector was the second-most attacked sector, topped only by the retail and manufacturing sector. To help navigate such security-specific challenges, organisations may find it useful to reference a best-practice standard like ISO 27005 , which offers guidance on managing information security risks.

Risk

Risk Data breaches Authentication Financial Services

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

Welcome to a new series of weekly blog posts rounding up the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Breached organisation: Kwik Trip, American convenience store chain.

Data Privacy

Data Privacy Privacy Security Data breaches

Raspberry Robin spreads via removable USB devices

Security Affairs

MAY 7, 2022

The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. The malware uses TOR exit nodes as a backup C2 infrastructure. Initial access is typically through infected removable drives, often USB devices. To nominate, please visit:?

Manufacturing

Manufacturing Libraries Cybersecurity Communications

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

SEPTEMBER 16, 2021

Whether we put name ‘X’ or ‘Y’ on the adversary, we strongly believe that we are dealing with a Chinese actor whose long-term objectives are persistence in their victims’ networks and the acquisition of the intelligence needed to make political/strategic or manufacturing decisions.”. Access Through Compromised Web Server.

Military

Military Access Manufacturing Phishing

Money Message gang leaked private code signing keys from MSI data breach

Security Affairs

MAY 8, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. In early April, the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International).

Data breaches

Data breaches Ransomware Manufacturing Authentication

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Security Affairs

OCTOBER 7, 2020

” states the blog post published by Malwarebytes. Since at least 2014, experts at FireEye have observed APT32 targeting foreign corporations with an interest in Vietnam’s manufacturing, consumer products, and hospitality sectors.

Phishing

Phishing Manufacturing Archiving Government

US DoJ announced to have shut down the Russian RSOCKS Botnet

Security Affairs

JUNE 18, 2022

The investigation into the botnet revealed that its operators compromised several large public and private entities, including a university, a hotel, a television studio, and an electronics manufacturer, along with home businesses and individuals. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Computer and Electronics

Computer and Electronics Access Manufacturing Sales

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. .” reads the joint report. ” continues the report.

Energy and Utilities

Energy and Utilities Military Government Phishing

How your staff make security decisions: The psychology of information security

US agricultural machinery manufacturer AGCO suffered a ransomware attack

Trending Sources

A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of IT systems

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

MSI confirms security breach after Money Message ransomware attack

Volvo retailer leaks sensitive files

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Lacroix Group shut down three facilities after a ‘targeted cyberattack’

Money Message ransomware group claims to have hacked IT giant MSI

LockBit ransomware attack impacted production in a Mexican Foxconn plant

Conti Ransomware Gang claims responsibility for the Nordex hack

China-linked APT Curious Gorge targeted Russian govt agencies

Wind Turbine giant Deutsche Windtechnik hit by a professional Cyberattack

3.5m IP cameras exposed, with US in the lead

NIST published updated guidance for supply chain risks

Siemens Metaverse exposes sensitive corporate data

ESET warns of three flaws that affect over 100 Lenovo notebook models

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Anonymous and the IT ARMY of Ukraine continue to target Russian entities

Hyundai suffered a data breach that impacted customers in France and Italy

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Hackers can hack organizations using data found on their discarded enterprise network equipment

China-linked Winnti APT steals intellectual property from companies worldwide

BlackCat claims the hack of the Casepoint legal technology platform used by US agencies

3CX Supply chain attack allowed targeting cryptocurrency companies

City of Dallas shut down IT services after ransomware attack

HID Mercury Access Controller flaws could allow to unlock Doors

Multinational ICICI Bank leaks passports and credit card numbers

A component in Huawei network appliances could be used to take down Germany’s telecoms networks

Security Affairs newsletter Round 365 by Pierluigi Paganini

China-linked APT Volt Typhoon targets critical infrastructure organizations

Health Sector Council Released Cybersecurity Recommendations for Medical Devices and Health IT

Risk Management under the DORA Regulation

The Week in Cyber Security and Data Privacy: 16–22 October 2023

Raspberry Robin spreads via removable USB devices

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

Money Message gang leaked private code signing keys from MSI data breach

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

US DoJ announced to have shut down the Russian RSOCKS Botnet

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Stay Connected